Configuring Email Notifications

EmpowerID ships with over 100 email templates for every situation that we have identified that warrants a notification. Many of these must be enabled explicitly. Notification types and message recipients can include the following:

Onboarding emails are sent to the newly created person, and to the manager specified in the CreatePerson workflow.
Approval emails are sent to the people who run request workflows and, if they are sent for approval, those who approve them.
Password emails, expiration warnings, and other personal notifications are sent to the affected user.
Management role notification emails are sent to people who have Management Roles that enable them to receive the messages.
EmpowerID Security Alerts are sent to admin users for security event related alerts.
EmpowerID System Notifications are sent to admin users about alerts related to EmpowerID system events, such as failed jobs.
Group Membership Change Alerts are sent to admin users about group membership changes.
Group Owner Notifications are sent to group owners about group membership changes.
Dynamic hierarchy alerts, if enabled and if the group is mail-enabled, are sent to the following:
- People set in the AssignPeopleToAlerts workflow, accessible at https://<EmpowerID_Web_Server>/UI/#w/assignpeopletoalerts
- Management Roles set in the AssignManagementRolesToAlerts workflow, accessible at https://<EmpowerID_Web_Server>/UI/#w/assignmanagementrolestoalerts
- Groups set in the AssignGroupsToAlerts workflow, accessible at https://<EmpowerID_Web_Server/UI/#w/assigngroupstoalerts

You can use email test mode to send all email notifications to one email account to ensure that you have them configured correctly before you begin sending them out to users.

Permanent workflows

Permanent workflows trigger some notifications. These workflows are disabled by default.

To access permanent workflows from the navbar, expand Infrastructure Admin, then EmpowerID Servers and Settings, and click Permanent Workflows.

Request workflows

A request workflow is a representation of an EmpowerID workflow that runs when initiated by a person. Some request workflows send notifications that are necessary to ensure that EmpowerID runs smoothly. Some have optional approvals that you can enable as workflow parameters. These workflows include those listed in the below table.

Here is a list of request workflows with parameters that control notifications, along with their default values. (Twilio notifications are voice messages. For more, see Integrating Twilio.)

Request Workflow	Workflow Parameter	Default Value
TemporaryGroupMembership	ApprovalRequired	true
CreateScheduledCertificationAudit	AuditDeletedNotificationEmailTemplateName AuditDeletedNotificationManagementRoleName	AuditDeletedNotificationEmail EmpowerIDSystemNotifications
UpdatePersonBusinessRoles	DisableManagerPreApproval	false
UpdatePersonDirectAssignment	DisableManagerPreApproval	true
UpdatePersonManagementRoles	DisableManagerPreApproval	true
CreatePerson	DisableManagerPreApproval ManagementRoleIDToEmail	true 110
CheckoutSharedCredential	DisablePreApproval	false
DeleteAccountWF	EmailMessageID	3041
SODViolationsExample	EmailMessageID	35
CertificateExpirationNotification	EmailMessageID LicenseEmailTemplateID ManagementRoleIDToNotify	3008 3017 108
AddBusinessProcessTaskComment	EmailTemplateName	BusinessProcessTaskComment
NotifyAuditParticipants	EmailTemplateNameForAllAuditParticipants EmailTemplateNameForAnyoneWithUnfinishedTasks EmailTemplateManagersOfPeopleWithUnfinishedTasks	EmailTemplateNameForAllAuditParticipants EmailTemplateNameForAnyoneWithUnfinishedTasks EmailTemplateNameForManagersOfPeopleWithUnfinishedTasks
UnreviewedRecertificationTaskNotification	EscalationEmailTemplateName	Reviewer Recertification Escalation Email
HelpdeskPasswordReset	ManagementRoleIDToEmail	110
ResetPassword	ManagementRoleIDToEmail SendAdminNotification SendUserNotification	110 true true
SODViolationsExample	ManagementRoleIDToNotify	110
UnreviewedRecertificationTaskNotification	NotificationEmailTemplateName	Reviewer Recertification Escalation Email
ElevateMeTemporarily	RetroActiveApprovalRequired	false
SendOTPAnonymous	SendPasswordToEmail SendPasswordToTwilioSMS SendPasswordToTwilioVoiceCall SendPasswordToMobile SendPasswordToPersonalEmail	true true true true true
PasswordResetCenter	SendPasswordToEmail SendPasswordToMobile SendPasswordToPersonalEmail SendPasswordToTwilioSMS SendPasswordToTwilioVoiceCall TwilioOTPVoiceMessageTemplateName	false false false false false TwilioOTPVoiceMessage
LoginWF	SendPasswordToEmail SendPasswordToMobile SendPasswordToPersonalEmail SendPasswordToTwilioSMS TwilioOTPVoiceMessageTemplateName SendPasswordToTwilioVoiceCall TwilioOTPVoiceMessageTemplateName	true false true true TwilioOTPVoiceMessage false TwilioOTPVoiceMessage
RegisterAccount	SendPasswordToEmail SendPasswordToMobile SendPasswordToPersonalEmail SendPasswordToTwilioSMS SendPasswordToTwilioVoiceCall TwilioOTPVoiceMessageTemplateName	true false true true true TwilioOTPVoiceMessage
SendPersonOneTimePassword	SendPasswordToMobile SendPasswordToPersonalEmail SendPasswordToTwilioSMS SendPasswordToTwilioVoiceCall SendPasswordToEmail SMSOTPKeyEntryName TwilioOTPVoiceMessageTemplateName	true true true true true PasswordResetCenterOTPSMSMessage TwilioOTPVoiceMessage
PasswordResetCenterTOTP	TwilioOTPVoiceMessageTemplateName TwilioOTPVoiceMessageTemplateName	TwilioOTPVoiceMessage TwilioOTPVoiceMessage
ResetMultiFactor	SendTwilioSMS SendTwilioVoiceCall	true false
PasswordExpirationNotification	UserPasswordExpirationWarningEmailMessageID	1000
CallMe	SendTwilioVoiceCall VoiceMessage	true TwilioOTPVoiceMessage

You can schedule re-notifications or manager escalations on individual workflows. Re-notifications send emails to the task owner, and manager escalations send emails to the task owner's manager.

To access request workflows from the navbar, expand Object Administration and click Workflows.
Search for "notification" to find workflows that specifically send notifications.
Click a workflow's Display Name link, and on the Workflow Details page that appears, click the Edit icon.
Click the Schedule tab, and in the Task Owner Renotification section, you can enable and schedule re-notifications.
In the Task Owner Manager Renotification section, you can enable and schedule manager notifications.

Email templates

You can find all of EmpowerID's email templates in the database in the EMailMessage table, or in the web application by expanding Admin, then Miscellaneous, and selecting Localized Emails. See Localizing Emails for details on how to edit, translate, and create emails.

Email messages fall into several categories.

These emails are sent to people with the indicated Management Role

ID	Email Template Name	Management Role	Regarding

ID	Email Template Name	Management Role	Regarding
3007	Job Failed Alert Message	EmpowerID System Notifications	Failed job name, system server and exception information
35	SoD Violation Notifcation	EmpowerID Security Alerts	Request that caused a Separation of Duties violation
3005	Group Membership Change Alert Message	Group Membership Change Alerts Group Owner Notifications	Accounts added or removed from group

These emails are sent when a new employee is added to the system.

ID	Email template name	Sent to	Request workflow and parameters	Regarding

ID	Email template name	Sent to	Request workflow and parameters	Regarding
1014	Manager Preapproval Needed	Manager of a new employee	CreatePerson DisableManagerPreApproval ManagementRoleIDToEmail	Onboarding request
1023	Validate Email Address	New user	CreatePerson	Link to validate email address
1036	Welcome Email for New Person	New user	CreatePerson	Login credentials
1037	Person Created Email	Manager of a new employee	CreatePerson ManagementRoleIDToEmail	New person information
1050	Password Email to New Person	New user	CreatePerson	New person password

You can enable alerts for Dynamic Group Management (Hierarchies) when you create them. (They are off by default.)

ID	Email template name	Regarding

ID	Email template name	Regarding
1038	Generic Hierarchy Create Group Message	new group created for dynamic hierarchy policy
1039	Generic Hierarchy Delete Group Message	group for dynamic hierarchy policy deleted
1040	Generic Hierarchy Group Membership Changed Message	group membership for dynamic hierarchy policy changed
1043	Generic Hierarchy Create Management Role Message	new management role created for dynamic hierarchy policy
1044	Generic Hierarchy Delete Management Role Message	management role for dynamic hierarchy policy deleted
1045	Generic Hierarchy Management Role Membership Changed Message	management role membership for dynamic hierarchy policy changed
1046	Generic Hierarchy Create Management Role Definition Message	new management role definition created for dynamic hierarchy policy
1047	Generic Hierarchy Delete Management Role Definition Message	management role definition for dynamic hierarchy policy deleted
1048	Generic Hierarchy Create Organization Unit Message	new organization unit created for dynamic hierarchy policy
1049	Generic Hierarchy Delete Organization Unit Message	organization unit for dynamic hierarchy policy deleted

You can enable alerts for Dynamic Group Management (Hierarchies) when you create them. (They are off by default.)

You can control which Dynamic Hierarchy change alert emails are sent by doing the following:

On the navbar, expand Dynamic Groups and click Policies.
Edit each policy and scroll down to the Alerts section.

These emails are sent when rights to mailbox changes are detected and synced.

ID	Email template name	Regarding

ID	Email template name	Regarding
3003	Exchange Mailbox Permission Sync Receiver Notification	rights assigned to an Exchange mailbox
3010	Office 365 Mailbox Permission Sync Receiver Notification	rights assigned to an Office 365 mailbox